netcat是网络界的瑞士军刀，是一个用于TCP/UDP连接和监听的linux工具，主要用于网络传输及调试领域。netcat 可以打开TCP连接发送UDP报文，监听在TCP和UDP端口，以及TCP端口扫描。
man netcat

NAME
       nc - TCP/IP swiss army knife

SYNOPSIS
       nc [-options] hostname port[s] [ports] ...
       nc -l -p port [-options] [hostname] [port]
OPTIONS
       -c string    specify shell commands to exec after connect (use with caution).  The string is passed  to  /bin/sh  -c  for
                    execution.   See  the  -e option if you don't have a working /bin/sh (Note that POSIX-conformant system must
                    have one).

       -e filename  specify filename to exec after connect (use with caution).  See the -c option for enhanced functionality.

       -g gateway   source-routing hop point[s], up to 8

       -G num       source-routing pointer: 4, 8, 12, ...

       -h           display help

       -i secs      delay interval for lines sent, ports scanned

       -l           listen mode, for inbound connects

       -n           numeric-only IP addresses, no DNS

       -o file      hex dump of traffic

       -p port      local port number (port numbers can be individual or ranges: lo-hi [inclusive])

       -q seconds   after EOF on stdin, wait the specified number of seconds and then quit. If seconds is  negative,  wait  for‐
                    ever.

       -b           allow UDP broadcasts

       -r           randomize local and remote ports

       -s addr      local source address

       -t           enable telnet negotiation

       -u           UDP mode

       -v           verbose [use twice to be more verbose]

       -w secs      timeout for connects and final net reads

       -C           Send CRLF as line-ending

       -z           zero-I/O mode [used for scanning]

       -T type      set  TOS flag (type may be one of "Minimize-Delay", "Maximize-Throughput", "Maximize-Reliability", or "Mini‐
                    mize-Cost".)

安装netcat

root@newbie-unknown85882:~# apt-get install -y netcat
#在此使用的是apt-get安装，如果用yum安装则是yum install -y netcat
正在读取软件包列表... 完成
正在分析软件包的依赖关系树       
正在读取状态信息... 完成       
netcat 已经是最新版 (1.10-41)。
升级了 0 个软件包，新安装了 0 个软件包，要卸载 0 个软件包，有 1 个软件包未被升级。
#本机已经安装了netcat

开启监听端口
在10.83.3.102这台机上执行nc -l -p 9999

root@newbie-unknown85882:~# nc -l -p 9999

打在另一个终端在10.83.3.102这台机上执行netstat -atunlp | grep 9999

root@newbie-unknown85882:~# netstat -atunlp | grep 9999
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      7985/nc

nc 进行局域网内聊天

在服务端10.83.3.102这台机上执行nc -l -p 9999
然后在客户端10.83.3.103这台机上执行nc 10.83.3.102 9999

现在就可以进行简单聊天了：

服务端

root@newbie-unknown85882:~# nc -l -p 9999
Hello World!
Hello Jaking!
Hello SteamedFish!
Hello IGI!

客户端

root@newbie-unknown85883:~# nc 10.83.3.102 9999
Hello World!
Hello Jaking!
Hello SteamedFish!
Hello IGI!

服务端和客户端的消息是同步显示的。

nc 局域网文件传输

在服务端创建文件并传输：

root@newbie-unknown85882:/tmp# echo netcat > a.txt
root@newbie-unknown85882:/tmp# cat a.txt 
netcat
root@newbie-unknown85882:/tmp# nc -l -q 1 -p 9999 < a.txt 
#-q 1 ： 表示发送完等待1秒后退出 

在客户端接收并验证文件：

root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 > a.txt
root@newbie-unknown85883:/tmp# ls
a.txt
root@newbie-unknown85883:/tmp# cat a.txt 
netcat

传输目录

在服务端对目录进行打包再传输：

root@newbie-unknown85882:/tmp# mkdir book
root@newbie-unknown85882:/tmp# ls
a.txt  book  hwcheck
root@newbie-unknown85882:/tmp# ls -l
总用量 4
-rw-r--r-- 1 root root 7 2月  26 10:28 a.txt
drwxr-xr-x 2 root root 6 2月  26 10:54 book
drwxr-xr-x 2 root root 6 2月  26 10:55 hwcheck
root@newbie-unknown85882:/tmp# cd book/
root@newbie-unknown85882:/tmp/book# ls
root@newbie-unknown85882:/tmp/book# touch 1.txt
root@newbie-unknown85882:/tmp/book# touch 2.txt
root@newbie-unknown85882:/tmp/book# touch 3.txt
root@newbie-unknown85882:/tmp/book# ls
1.txt  2.txt  3.txt
root@newbie-unknown85882:/tmp/book# cd /tmp
root@newbie-unknown85882:/tmp# tar -c book | nc -l -q 1 -p 9999

在客户端接收并验证文件：

root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 | tar -x
root@newbie-unknown85883:/tmp# ls -R book
book:
1.txt  2.txt  3.txt
root@newbie-unknown85883:/tmp# ls
a.txt  book  hwcheck
root@newbie-unknown85883:/tmp# cd book/
root@newbie-unknown85883:/tmp/book# ls
1.txt  2.txt  3.txt

传输多个文件

在服务端对多个文件进行打包再传输：

root@newbie-unknown85882:/tmp# ls
a.txt  book  hwcheck
root@newbie-unknown85882:/tmp# touch b.txt
root@newbie-unknown85882:/tmp# touch c.txt
root@newbie-unknown85882:/tmp# ls
a.txt  book  b.txt  c.txt  hwcheck
root@newbie-unknown85882:/tmp# tar -c a.txt b.txt c.txt | nc -l -q 1 -p 9999

在客户端接收并验证文件：

root@newbie-unknown85883:/tmp# ls
a.txt  book  hwcheck
root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999 | tar -x
root@newbie-unknown85883:/tmp# ls
a.txt  book  b.txt  c.txt  hwcheck

**使用netcat进行端口扫描 **
格式
nc -v -z -r -i 1 127.0.0.1 8888-8899
-z：指定端口扫描打开仅连接不发送数据

-v：显示详细信息(不指定不会报告打开的端口)

-i：当连接多个端口时 两个端口建立连接的时间间隔。

-r ：让netcat 在指定的端口范围内无序的扫描端口(默认是从低到高依次扫描)

root@newbie-unknown85882:/tmp# nc  -v  -z  -r  -i  1  127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc  -vzr  -i  1  127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc  -vzr  127.0.0.1 8888-8899
localhost [127.0.0.1] 8888 (?) open
root@newbie-unknown85882:/tmp# nc  -vzr  127.0.0.1 1000-10000
localhost [127.0.0.1] 3000 (?) open
localhost [127.0.0.1] 6082 (?) open
localhost [127.0.0.1] 8888 (?) open
localhost [127.0.0.1] 5901 (?) open

使用netcat进行UDP报文传输

cat a.txt | nc -q 1 -u localhost 9999 > /dev/null
将文本文件a.txt 文件输出作为nc的输入 向端口号为9999的服务器发送 a.txt

-q 1：表示发送完等待1秒后退出
-u：表示使用UDP协议来发送报文（默认使用TCP）

root@newbie-unknown85882:/tmp# cat a.txt | nc -q 1 -u localhost 9999 > /dev/null 

使用netcat 提供网络远程登录服务

服务端

root@newbie-unknown85882:/tmp# nc -l -p 9999 -e /bin/sh
#-e：表示连接成功后执行的程序

客户端

root@newbie-unknown85883:/tmp# nc 10.83.3.102 9999
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet 10.83.3.102  netmask 255.255.255.0  broadcast 10.83.3.255
        ether 52:54:00:35:ed:32  txqueuelen 1000  (Ethernet)
        RX packets 2783649  bytes 689151624 (657.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3028532  bytes 1697066832 (1.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 207153  bytes 40922049 (39.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 207153  bytes 40922049 (39.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
#在客户端上执行ifconfig后显示服务端的ip 10.83.3.102，意思是服务端已开启远程登录服务，供其它机器远程登录。